Hi Reader,

In the last edition of the Box Clever newsletter, I mentioned the recent Austrian legal decision declaring Google Analytics to be in violation of the GDPR and the German decision to also declare Google Fonts in violation of Europe's data protection laws.

Fines can be up to 20 million Euros or up to 4% of worldwide turnover, whichever is higher. And these fines are now starting to be enforced in Europe and can be enforced outside of the EU as well.

This gets complex fast, but here's the deal in a nutshell: the GDPR basically says that it's illegal to take personalised EU data outside of the EU. An IP address constitutes personalised data and both Google Analytics and Google Fonts transfer IP addresses from the EU to the US. The dodgy thing about Google Analytics is that even when you choose to anonymise IP addresses on your website and in your GA settings, Google still transfers the IP address before it is made anonymous in the system.

The main issue here is not data held here in Australia, but data that may be held in the US, because US agencies have the legal right to request any data held by a US company. So while most Studio Clvr clients are here in Australia, many of the tools we all use are based in the US. I'm looking closely at the tools I'm using at Studio Clvr to ensure that the privacy of my site visitors and the site visitors of my clients are protected.

Your questions answered

A few of you wrote in to me with questions around data privacy and how this affects Australian businesses in particular. Here are my answers.

I'm not in Europe, so why does this affect me?

If your business has a European presence or a website that caters to EU citizens, you are in violation of the GDPR. This doesn't include websites that could be accessed by an EU citizen, but does apply to any business with an EU address, phone number, domain name extension, or with a European language option included on the site. So if you are targeting EU clients and are tracking European citizens visiting your website via Google Analytics or Google Fonts, you are in violation of the GDPR and can be fined for violating the privacy of European citizens. A company of any size can be fined.

I don't have clients in Europe — should I care?

The EU is where this is starting, but privacy challenges are popping up the world over. I think it's good business to stay ahead of the game in anticipation of an eventual update to the Australian Privacy Act (1988) and the privacy laws that affect your clients, wherever they may be. But it's more than just the legals for me and a lot of folks in the design and tech communities I'm a part of. It's an ethical choice. I've decided that I don't need to know where people have come from before they land on my website, nor where they go from my website. I don't want to be that icky remarketer who follows people around the internet. These forms of data-based advertising are likely to be unsound from both a business and ethical perspective before local privacy laws catch up and actively declare them to be illegal in countries outside of the EU.

What can I use instead of Google Analytics and Google Fonts?

• Google Analytics: last year, I switched the website analytics for Studio Clvr from Google Analytics to Fathom Analytics ($10 off with my affiliate link) and I have not looked back. I no longer collect any third party (tracking) cookies on my website, so I don't need to have a cookie banner. I cannot identify the personal information of my site visitors unless they explicitly provide it to me via a form on the site. I only see the simplified data I need to see and this is definitely enough for me to understand what's happening with my site traffic so I can optimise my website accordingly. The really cool thing about Fathom is that it makes my site faster than it was with the heavier Google Analytics on there, so it's also a win for my SEO. I'm offering free Fathom Analytics setup to all clients on a Clvr Care plan, so if you have any questions ask away.
• Google Fonts: in light of these changes, it should now be standard practice to ensure that all fonts are hosted locally on your website, and not pulled down from the Google cloud. Give me a shout if you need any help transitioning your fonts.

Disclaimer: I am not a lawyer and the information in this newsletter and on the Studio Clvr website does not constitute legal advice. Consult a lawyer for specific privacy-related legal advice; I can refer you to an Australian/US tech law firm who specialise in privacy if you need an intro (shoot me an email).

Need some clever strategy help? Or someone to smash through your design and dev tasks? A Clever Hour or Clever Day might be just the ticket to moving your business forward! Clever, straight-up advice and list-smashing day work for quick wins.

​

​

​Studio Clvr // Web design and clever online strategies